def test_proxy_workspace_agenda__err__other_workspace_agenda(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("users")] uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config, show_deleted=True) workspace = workspace_api.create_workspace("test", save_now=True) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) result = self.testapp.get("/agenda/workspace/{}/".format( workspace.workspace_id), status=403) assert result.json_body["code"] == 5001
def connect_database(self, create_tables: bool = False) -> None: self.engine = get_engine(self.app_config) if create_tables: DeclarativeBase.metadata.create_all(self.engine) self.session_factory = get_session_factory(self.engine) self.session = get_tm_session(self.session_factory, transaction.manager)
def test_functional__webdav_access_to_root__nominal_case(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] user = uapi.create_user('*****@*****.**', password='******', do_save=True, do_notify=False, groups=groups) # nopep8 transaction.commit() self.testapp.authorization = ( 'Basic', ( '*****@*****.**', '*****@*****.**' ) ) res = self.testapp.get('/', status=200) assert res
def test_api__reset_password_reset__ok_204__nominal_case(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = uapi.reset_password_notification(admin, do_save=True) # nopep8 transaction.commit() params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'mynewpassword', } self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=204, params=params, ) # check if password is correctly setted self.testapp.authorization = ( 'Basic', ( '*****@*****.**', 'mynewpassword' ) ) self.testapp.get( '/api/v2/auth/whoami', status=200, )
def test_api__reset_password_reset__err_400__invalid_token(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = 'wrong_token' params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'mynewpassword', } res = self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=400, params=params, ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] == error.INVALID_RESET_PASSWORD_TOKEN
def test_api__reset_password_reset__err_400__password_does_not_match(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = uapi.reset_password_notification(admin, do_save=True) # nopep8 transaction.commit() params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'anotherpassword', } res = self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=400, params=params, ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] == error.PASSWORD_DO_NOT_MATCH
def test_api___simple_search_ok__no_search_string(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter(User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("trusted-users")] user = uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) workspace_api = WorkspaceApi( current_user=admin, session=dbsession, config=self.app_config, show_deleted=True ) workspace = workspace_api.create_workspace("test", save_now=True) rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config) rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False) api = ContentApi(session=dbsession, current_user=user, config=self.app_config) api.create( content_type_slug="html-document", workspace=workspace, label="test", do_save=True ) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) res = self.testapp.get("/api/v2/search/content".format(), status=200) search_result = res.json_body assert search_result assert search_result["total_hits"] == 0 assert search_result["is_total_hits_accurate"] is True assert len(search_result["contents"]) == 0
def test_api__reset_password_reset__err_400__expired_token(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) with freeze_time("1999-12-31 23:59:59"): reset_password_token = uapi.reset_password_notification( admin, do_save=True ) params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'mynewpassword', } transaction.commit() with freeze_time("2000-01-01 00:00:05"): res = self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=400, params=params, ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] == error.EXPIRED_RESET_PASSWORD_TOKEN # nopep8
def test_api__reset_password_reset__err_400__expired_token(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) with freeze_time("1999-12-31 23:59:59"): reset_password_token = uapi.reset_password_notification( admin, do_save=True) params = { "email": "*****@*****.**", "reset_password_token": reset_password_token, "new_password": "******", "new_password2": "mynewpassword", } transaction.commit() with freeze_time("2000-01-01 00:00:05"): res = self.testapp.post_json("/api/v2/auth/password/reset/modify", status=400, params=params) assert isinstance(res.json, dict) assert "code" in res.json.keys() assert res.json_body[ "code"] == ErrorCode.EXPIRED_RESET_PASSWORD_TOKEN
def _populate_database( cls, settings: plaster_pastedeploy.ConfigDict, add_test_data: bool ) -> None: engine = get_engine(settings) session_factory = get_session_factory(engine) app_config = CFG(settings) print("- Populate database with default data -") with transaction.manager: dbsession = get_tm_session(session_factory, transaction.manager) try: fixtures = [BaseFixture] fixtures_loader = FixturesLoader(dbsession, app_config) fixtures_loader.loads(fixtures) transaction.commit() if add_test_data: app_config.configure_filedepot() fixtures = [ContentFixture] fixtures_loader.loads(fixtures) transaction.commit() print("Database initialized.") except IntegrityError as exc: transaction.abort() print('Database initialization failed') raise DatabaseInitializationFailed( 'Warning, there was a problem when adding default data' ', it may have already been added.' ) from exc
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter(User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("users")] test_user = uapi.create_user( email="*****@*****.**", password="******", name="bob", groups=groups, timezone="Europe/Paris", lang="en", do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "password")) res = self.testapp.get("/api/v2/auth/whoami", status=401) assert isinstance(res.json, dict) assert "code" in res.json.keys() # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema assert res.json_body["code"] is None assert "message" in res.json.keys() assert "details" in res.json.keys()
def test_functional__webdav_access_to_root__remote_auth(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] user = uapi.create_user( '*****@*****.**', password=None, do_save=True, do_notify=False, groups=groups, auth_type=AuthType.REMOTE ) uapi.save(user) transaction.commit() extra_environ = { 'REMOTE_USER': '******', } res = self.testapp.get('/', status=200, extra_environ=extra_environ) assert res
def test_api__get_applications__ok_200__nominal_case(self): """ Get applications list with a registered user. """ self.testapp.authorization = ( 'Basic', ( '*****@*****.**', '*****@*****.**' ) ) res = self.testapp.get('/api/v2/system/applications', status=200) res = res.json_body dbsession = get_tm_session(self.session_factory, transaction.manager) app_api = ApplicationApi( app_list=app_list, ) applications = app_api.get_all() assert len(res) == len(applications) for counter, application in enumerate(applications): assert res[counter]['label'] == application.label assert res[counter]['slug'] == application.slug assert res[counter]['fa_icon'] == application.fa_icon assert res[counter]['hexcolor'] == application.hexcolor assert res[counter]['is_active'] == application.is_active assert res[counter]['config'] == application.config
def test_proxy_user_agenda__ok__nominal_case(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("users")] user = uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) self.testapp.get("/agenda/user/{}/".format(user.user_id), status=404) event = VALID_CALDAV_BODY_PUT_EVENT self.testapp.put("/agenda/user/{}/".format(user.user_id), event, content_type="text/calendar", status=201) self.testapp.get("/agenda/user/{}/".format(user.user_id), status=200) self.testapp.delete("/agenda/user/{}/".format(user.user_id), status=200)
def test_api___simple_search_ok__by_comment_content( self, created_content_name, search_string, nb_content_result, first_search_result_content_name, first_created_comment_content, second_created_comment_content, ) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter(User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("trusted-users")] user = uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) workspace_api = WorkspaceApi( current_user=admin, session=dbsession, config=self.app_config, show_deleted=True ) workspace = workspace_api.create_workspace("test", save_now=True) rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config) rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False) api = ContentApi(session=dbsession, current_user=user, config=self.app_config) content = api.create( content_type_slug="html-document", workspace=workspace, label=created_content_name, do_save=True, ) api.create_comment( workspace=workspace, parent=content, content=first_created_comment_content, do_save=True ) api.create_comment( workspace=workspace, parent=content, content=second_created_comment_content, do_save=True, ) api.create( content_type_slug="html-document", workspace=workspace, label="report", do_save=True ) api.create( content_type_slug="thread", workspace=workspace, label="discussion", do_save=True ) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) params = {"search_string": search_string} res = self.testapp.get("/api/v2/search/content".format(), status=200, params=params) search_result = res.json_body assert search_result assert search_result["total_hits"] == nb_content_result assert search_result["is_total_hits_accurate"] is False assert search_result["contents"][0]["label"] == first_search_result_content_name
def test_proxy_user_agenda__ok__workspace_filter(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("users")] user = uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config, show_deleted=True) workspace = workspace_api.create_workspace("wp1", save_now=True) workspace.agenda_enabled = True workspace2 = workspace_api.create_workspace("wp2", save_now=True) workspace2.agenda_enabled = True workspace3 = workspace_api.create_workspace("wp3", save_now=True) workspace3.agenda_enabled = True rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config) rapi.create_one(user, workspace, UserRoleInWorkspace.CONTRIBUTOR, False) rapi.create_one(user, workspace2, UserRoleInWorkspace.READER, False) rapi.create_one(user, workspace3, UserRoleInWorkspace.READER, False) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) params = { "workspace_ids": "{},{}".format(workspace.workspace_id, workspace3.workspace_id), "agenda_types": "workspace", } result = self.testapp.get("/api/v2/users/{}/agenda".format( user.user_id), params=params, status=200) assert len(result.json_body) == 2 agenda = result.json_body[0] assert agenda[ "agenda_url"] == "http://localhost:6543/agenda/workspace/{}/".format( workspace.workspace_id) assert agenda["with_credentials"] is True agenda = result.json_body[1] assert agenda[ "agenda_url"] == "http://localhost:6543/agenda/workspace/{}/".format( workspace3.workspace_id) assert agenda["with_credentials"] is True
def test_api__elasticsearch_search__ok__in_file_ingest_search(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("trusted-users")] user = uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config, show_deleted=True) workspace = workspace_api.create_workspace("test", save_now=True) rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config) rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False) api = ContentApi(session=dbsession, current_user=user, config=self.app_config) with self.session.no_autoflush: text_file = api.create( content_type_slug=content_type_list.File.slug, workspace=workspace, label="important", do_save=False, ) api.update_file_data(text_file, "test_file", "text/plain", b"we need to find stringtosearch here !") api.save(text_file) api.execute_created_content_actions(text_file) content_id = text_file.content_id transaction.commit() self.refresh_elasticsearch() params = {"search_string": "stringtosearch"} self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) res = self.testapp.get("/api/v2/search/content".format(), status=200, params=params) search_result = res.json_body assert search_result assert search_result["total_hits"] == 1 assert search_result["is_total_hits_accurate"] is True assert len(search_result["contents"]) == 1 assert search_result["contents"][0]["content_id"] == content_id
def test_api__post_content_comment__ok_200__nominal_case(self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() # type: User workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config) business_workspace = workspace_api.get_one(1) content_api = ContentApi(current_user=admin, session=dbsession, config=self.app_config) tool_folder = content_api.get_one( 1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label='Test Thread', do_save=True, do_notify=False, ) with new_revision( session=dbsession, tm=transaction.manager, content=test_thread, ): content_api.update_content(test_thread, new_label='test_thread_updated', new_content='Just a test') transaction.commit() self.testapp.authorization = ('Basic', ('*****@*****.**', '*****@*****.**')) params = {'raw_content': 'I strongly disagree, Tiramisu win!'} res = self.testapp.post_json( '/api/v2/workspaces/{}/contents/{}/comments'.format( business_workspace.workspace_id, test_thread.content_id), params=params, status=200) comment = res.json_body assert comment['content_id'] assert comment['parent_id'] == test_thread.content_id assert comment['raw_content'] == 'I strongly disagree, Tiramisu win!' assert comment['author'] assert comment['author']['user_id'] == admin.user_id # TODO - G.M - 2018-06-172 - [avatar] setup avatar url assert comment['author']['avatar_url'] is None assert comment['author']['public_name'] == admin.display_name # TODO - G.M - 2018-06-179 - better check for datetime assert comment['created']
def test_api__post_content_comment__ok_200__nominal_case(self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() # type: User workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config) business_workspace = workspace_api.get_one(1) content_api = ContentApi(current_user=admin, session=dbsession, config=self.app_config) tool_folder = content_api.get_one( 1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label="Test Thread", do_save=True, do_notify=False, ) with new_revision(session=dbsession, tm=transaction.manager, content=test_thread): content_api.update_content(test_thread, new_label="test_thread_updated", new_content="Just a test") transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) params = {"raw_content": "I strongly disagree, Tiramisu win!"} res = self.testapp.post_json( "/api/v2/workspaces/{}/contents/{}/comments".format( business_workspace.workspace_id, test_thread.content_id), params=params, status=200, ) comment = res.json_body assert comment["content_id"] assert comment["parent_id"] == test_thread.content_id assert comment["raw_content"] == "I strongly disagree, Tiramisu win!" assert comment["author"] assert comment["author"]["user_id"] == admin.user_id # TODO - G.M - 2018-06-172 - [avatar] setup avatar url assert comment["author"]["avatar_url"] is None assert comment["author"]["public_name"] == admin.display_name # TODO - G.M - 2018-06-179 - better check for datetime assert comment["created"]
def test_api__reset_password_check_token__ok_204__unknown_auth(self): # create new user without auth (default is unknown) self.testapp.authorization = ( 'Basic', ( '*****@*****.**', '*****@*****.**' ) ) params = { 'email': '*****@*****.**', 'password': '******', 'profile': 'users', 'timezone': 'Europe/Paris', 'lang': 'fr', 'public_name': 'test user', 'email_notification': False, } res = self.testapp.post_json( '/api/v2/users', status=200, params=params, ) res = res.json_body assert res['user_id'] user_id = res['user_id'] # make a check of token self.testapp.authorization = None dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) user = uapi.get_one_by_email('*****@*****.**') reset_password_token = uapi.reset_password_notification(user, do_save=True) # nopep8 transaction.commit() params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token } self.testapp.post_json( '/api/v2/auth/password/reset/token/check', status=204, params=params, )
def test_api__test_cookie_auth_token__ok__change_email_dont_break_cookie(self): """ Test if email change doesn't break cookie auth :return: """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter(User.email == "*****@*****.**").one() with freeze_time("1999-12-31 23:59:58"): params = {"email": "*****@*****.**", "password": "******"} res = self.testapp.post_json("/api/v2/auth/login", params=params, status=200) assert "Set-Cookie" in res.headers assert "session_key" in self.testapp.cookies user_session_key_1 = self.testapp.cookies["session_key"] # change own email with freeze_time("1999-12-31 23:59:59"): params = { "email": "*****@*****.**", "loggedin_user_password": "******", } self.testapp.put_json( "/api/v2/users/{}/email".format(admin.user_id), params=params, status=200 ) assert "Set-Cookie" in res.headers assert "session_key" in self.testapp.cookies user_session_key_2 = self.testapp.cookies["session_key"] assert user_session_key_1 == user_session_key_2 # session_id should not be return before x time with freeze_time("2000-01-01 00:00:00"): res = self.testapp.get("/api/v2/auth/whoami", status=200) assert "Set-Cookie" not in res.headers assert "session_key" in self.testapp.cookies user_session_key_3 = self.testapp.cookies["session_key"] assert user_session_key_3 == user_session_key_2 # after x time session_id should be renew with freeze_time("2000-01-01 00:02:01"): res = self.testapp.get("/api/v2/auth/whoami", status=200) assert "Set-Cookie" in res.headers assert "session_key" in self.testapp.cookies user_session_key_4 = self.testapp.cookies["session_key"] assert user_session_key_4 != user_session_key_3 # after too much time, session_id should be revoked with freeze_time("2000-01-01 00:12:02"): res = self.testapp.get("/api/v2/auth/whoami", params=params, status=401) assert "Set-Cookie" in res.headers
def test_proxy_workspace_agenda__ok__nominal_case(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config) groups = [gapi.get_one_with_name("users")] user = uapi.create_user( "*****@*****.**", password="******", do_save=True, do_notify=False, groups=groups, ) workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config, show_deleted=True) workspace = workspace_api.create_workspace("test", save_now=True) workspace.agenda_enabled = True rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config) rapi.create_one(user, workspace, UserRoleInWorkspace.CONTENT_MANAGER, False) transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) self.testapp.get("/agenda/workspace/{}/".format( workspace.workspace_id), status=404) event = VALID_CALDAV_BODY_PUT_EVENT self.testapp.put( "/agenda/workspace/{}/".format(workspace.workspace_id), event, content_type="text/agenda", status=201, ) self.testapp.get("/agenda/workspace/{}/".format( workspace.workspace_id), status=200) self.testapp.delete("/agenda/workspace/{}/".format( workspace.workspace_id), status=200)
def test_api__post_content_comment__err_400__content_not_editable( self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() # type: User workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config) business_workspace = workspace_api.get_one(1) content_api = ContentApi(current_user=admin, session=dbsession, config=self.app_config) tool_folder = content_api.get_one( 1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label='Test Thread', do_save=True, do_notify=False, ) with new_revision( session=dbsession, tm=transaction.manager, content=test_thread, ): content_api.update_content(test_thread, new_label='test_thread_updated', new_content='Just a test') content_api.set_status(test_thread, 'closed-deprecated') transaction.commit() self.testapp.authorization = ('Basic', ('*****@*****.**', '*****@*****.**')) params = {'raw_content': 'I strongly disagree, Tiramisu win!'} res = self.testapp.post_json( '/api/v2/workspaces/{}/contents/{}/comments'.format( business_workspace.workspace_id, test_thread.content_id), params=params, status=400) assert res.json_body assert 'code' in res.json_body assert res.json_body['code'] == error.CONTENT_IN_NOT_EDITABLE_STATE
def set_html_document_slug_to_legacy(session_factory) -> None: """ Simple function to help some functional test. This modify "html-documents" type content in database to legacy "page" slug. :param session_factory: session factory of the test :return: Nothing. """ dbsession = get_tm_session(session_factory, transaction.manager) content_query = (dbsession.query(ContentRevisionRO).filter( ContentRevisionRO.type == "page").filter( ContentRevisionRO.content_id == 6)) assert content_query.count() == 0 html_documents_query = dbsession.query(ContentRevisionRO).filter( ContentRevisionRO.type == "html-document") html_documents_query.update({ContentRevisionRO.type: "page"}) transaction.commit() assert content_query.count() > 0
def setUp(self): super().setUp() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) self.dbsession = get_tm_session(self.session_factory, transaction.manager) self.admin = self.dbsession.query(User).filter( User.email == "*****@*****.**").one() self.workspace_api = WorkspaceApi(current_user=self.admin, session=self.dbsession, config=self.app_config) self.content_api = ContentApi(current_user=self.admin, session=self.dbsession, config=self.app_config) self.workspace = self.workspace_api.create_workspace(label="test", save_now=True) transaction.commit()
def test_api__reset_password_check_token__ok_204__nominal_case(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) reset_password_token = uapi.reset_password_notification(admin, do_save=True) transaction.commit() params = { "email": "*****@*****.**", "reset_password_token": reset_password_token } self.testapp.post_json("/api/v2/auth/password/reset/token/check", status=204, params=params)
def test_api__post_content_comment__err_400__content_not_editable( self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() # type: User workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config) business_workspace = workspace_api.get_one(1) content_api = ContentApi(current_user=admin, session=dbsession, config=self.app_config) tool_folder = content_api.get_one( 1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label="Test Thread", do_save=True, do_notify=False, ) with new_revision(session=dbsession, tm=transaction.manager, content=test_thread): content_api.update_content(test_thread, new_label="test_thread_updated", new_content="Just a test") content_api.set_status(test_thread, "closed-deprecated") transaction.commit() self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) params = {"raw_content": "I strongly disagree, Tiramisu win!"} res = self.testapp.post_json( "/api/v2/workspaces/{}/contents/{}/comments".format( business_workspace.workspace_id, test_thread.content_id), params=params, status=400, ) assert res.json_body assert "code" in res.json_body assert res.json_body["code"] == ErrorCode.CONTENT_IN_NOT_EDITABLE_STATE
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] test_user = uapi.create_user( email='*****@*****.**', password='******', name='bob', groups=groups, timezone='Europe/Paris', lang='en', do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() self.testapp.authorization = ( 'Basic', ( '*****@*****.**', 'password' ) ) res = self.testapp.get('/api/v2/auth/whoami', status=401) assert isinstance(res.json, dict) assert 'code' in res.json.keys() # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema assert res.json_body['code'] is None assert 'message' in res.json.keys() assert 'details' in res.json.keys()
def test_api__reset_password_reset__ok_204__unknown_auth(self): # create new user without auth (default is unknown) self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) params = { "email": "*****@*****.**", "password": "******", "profile": "users", "timezone": "Europe/Paris", "lang": "fr", "public_name": "test user", "email_notification": False, } res = self.testapp.post_json("/api/v2/users", status=200, params=params) res = res.json_body assert res["user_id"] # make a check of token self.testapp.authorization = None dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User).filter( User.email == "*****@*****.**").one() uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config) user = uapi.get_one_by_email("*****@*****.**") reset_password_token = uapi.reset_password_notification(user, do_save=True) transaction.commit() params = { "email": "*****@*****.**", "reset_password_token": reset_password_token, "new_password": "******", "new_password2": "mynewpassword", } self.testapp.post_json("/api/v2/auth/password/reset/modify", status=204, params=params) # check if password is correctly setted self.testapp.authorization = ("Basic", ("*****@*****.**", "mynewpassword")) self.testapp.get("/api/v2/auth/whoami", status=200)
def test_api__get_applications__ok_200__nominal_case(self): """ Get applications list with a registered user. """ self.testapp.authorization = ('Basic', ('*****@*****.**', '*****@*****.**')) res = self.testapp.get('/api/v2/system/applications', status=200) res = res.json_body dbsession = get_tm_session(self.session_factory, transaction.manager) app_api = ApplicationApi(app_list=app_list, ) applications = app_api.get_all() assert len(res) == len(applications) for counter, application in enumerate(applications): assert res[counter]['label'] == application.label assert res[counter]['slug'] == application.slug assert res[counter]['fa_icon'] == application.fa_icon assert res[counter]['hexcolor'] == application.hexcolor assert res[counter]['is_active'] == application.is_active assert res[counter]['config'] == application.config
def test_functional__webdav_access_to_workspace__nominal_case(self) -> None: dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] user = uapi.create_user('*****@*****.**', password='******', do_save=True, do_notify=False, groups=groups) # nopep8 workspace_api = WorkspaceApi( current_user=admin, session=dbsession, config=self.app_config, show_deleted=True, ) workspace = workspace_api.create_workspace('test', save_now=True) # nopep8 rapi = RoleApi( current_user=admin, session=dbsession, config=self.app_config, ) rapi.create_one(user, workspace, UserRoleInWorkspace.READER, False) # nopep8 transaction.commit() self.testapp.authorization = ( 'Basic', ( '*****@*****.**', '*****@*****.**' ) ) res = self.testapp.get('/test', status=200)
def init_database(self) -> None: session = get_tm_session(self.session_factory, transaction.manager) with transaction.manager: try: DeclarativeBase.metadata.drop_all(self.engine) DeclarativeBase.metadata.create_all(self.engine) fixtures_loader = FixturesLoader(session, self.app_config) fixtures_loader.loads(self.fixtures) transaction.commit() logger.info(self, "Database initialized.") except IntegrityError: logger.error( self, 'Warning, there was a problem when adding default data' # nopep8 ', it may have already been added:') import traceback logger.error(self, traceback.format_exc()) transaction.abort() logger.error(self, 'Database initialization failed')
def test_api__try_login_enpoint__err_401__user_not_activated(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] test_user = uapi.create_user( email='*****@*****.**', password='******', name='bob', groups=groups, timezone='Europe/Paris', do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() params = { 'email': '*****@*****.**', 'password': '******', } res = self.testapp.post_json( '/api/v2/auth/login', params=params, status=403, ) assert res.json_body assert 'code' in res.json_body assert res.json_body['code'] == error.AUTHENTICATION_FAILED
def __call__(self, environ, start_response): # TODO - G.M - 18-05-2018 - This code should not create trouble # with thread and database, this should be verify. # see https://github.com/tracim/tracim_backend/issues/62 tm = transaction.manager session = get_tm_session(self.session_factory, tm) registry = get_current_registry() registry.ldap_connector = None if AuthType.LDAP in self.app_config.AUTH_TYPES: registry = self.setup_ldap(registry, self.app_config) environ['tracim_registry'] = registry environ['tracim_context'] = WebdavTracimContext(environ, self.app_config, session) try: app = self._application(environ, start_response) except Exception as exc: transaction.rollback() raise exc finally: transaction.commit() session.close() return app
def test_api__reset_password_check_token__ok_204__nominal_case(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = uapi.reset_password_notification(admin, do_save=True) # nopep8 transaction.commit() params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token } self.testapp.post_json( '/api/v2/auth/password/reset/token/check', status=204, params=params, )
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] test_user = uapi.create_user( email='*****@*****.**', password='******', name='bob', groups=groups, timezone='Europe/Paris', do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() headers_auth = { 'Tracim-Api-Key': 'mysuperapikey', 'Tracim-Api-Login': '******', } res = self.testapp.get( '/api/v2/auth/whoami', status=401, headers=headers_auth ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] is None
def test_api__test_cookie_auth_token__ok__change_email_dont_break_cookie(self): # nopep8 """ Test if email change doesn't break cookie auth :return: """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() with freeze_time("1999-12-31 23:59:58"): params = { 'email': '*****@*****.**', 'password': '******', } res = self.testapp.post_json( '/api/v2/auth/login', params=params, status=200, ) assert 'Set-Cookie' in res.headers assert 'session_key' in self.testapp.cookies user_session_key_1 = self.testapp.cookies['session_key'] # change own email with freeze_time("1999-12-31 23:59:59"): params = { 'email': '*****@*****.**', 'loggedin_user_password': '******', } self.testapp.put_json( '/api/v2/users/{}/email'.format(admin.user_id), params=params, status=200, ) assert 'Set-Cookie' in res.headers assert 'session_key' in self.testapp.cookies user_session_key_2 = self.testapp.cookies['session_key'] assert user_session_key_1 == user_session_key_2 # session_id should not be return before x time with freeze_time("2000-01-01 00:00:00"): res = self.testapp.get( '/api/v2/auth/whoami', status=200, ) assert 'Set-Cookie' not in res.headers assert 'session_key' in self.testapp.cookies user_session_key_3 = self.testapp.cookies['session_key'] assert user_session_key_3 == user_session_key_2 # after x time session_id should be renew with freeze_time("2000-01-01 00:02:01"): res = self.testapp.get( '/api/v2/auth/whoami', status=200, ) assert 'Set-Cookie' in res.headers assert 'session_key' in self.testapp.cookies user_session_key_4 = self.testapp.cookies['session_key'] assert user_session_key_4 != user_session_key_3 # after too much time, session_id should be revoked with freeze_time("2000-01-01 00:12:02"): res = self.testapp.get( '/api/v2/auth/whoami', params=params, status=401, ) assert 'Set-Cookie' in res.headers
def test_api__post_content_comment__err_400__content_not_editable(self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() # type: User workspace_api = WorkspaceApi( current_user=admin, session=dbsession, config=self.app_config ) business_workspace = workspace_api.get_one(1) content_api = ContentApi( current_user=admin, session=dbsession, config=self.app_config ) tool_folder = content_api.get_one(1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label='Test Thread', do_save=True, do_notify=False, ) with new_revision( session=dbsession, tm=transaction.manager, content=test_thread, ): content_api.update_content( test_thread, new_label='test_thread_updated', new_content='Just a test' ) content_api.set_status(test_thread, 'closed-deprecated') transaction.commit() self.testapp.authorization = ( 'Basic', ( '*****@*****.**', '*****@*****.**' ) ) params = { 'raw_content': 'I strongly disagree, Tiramisu win!' } res = self.testapp.post_json( '/api/v2/workspaces/{}/contents/{}/comments'.format( business_workspace.workspace_id, test_thread.content_id ), params=params, status=400 ) assert res.json_body assert 'code' in res.json_body assert res.json_body['code'] == error.CONTENT_IN_NOT_EDITABLE_STATE
def test_api__post_content_comment__ok_200__nominal_case(self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(User) \ .filter(User.email == '*****@*****.**') \ .one() # type: User workspace_api = WorkspaceApi( current_user=admin, session=dbsession, config=self.app_config ) business_workspace = workspace_api.get_one(1) content_api = ContentApi( current_user=admin, session=dbsession, config=self.app_config ) tool_folder = content_api.get_one(1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label='Test Thread', do_save=True, do_notify=False, ) with new_revision( session=dbsession, tm=transaction.manager, content=test_thread, ): content_api.update_content( test_thread, new_label='test_thread_updated', new_content='Just a test' ) transaction.commit() self.testapp.authorization = ( 'Basic', ( '*****@*****.**', '*****@*****.**' ) ) params = { 'raw_content': 'I strongly disagree, Tiramisu win!' } res = self.testapp.post_json( '/api/v2/workspaces/{}/contents/{}/comments'.format( business_workspace.workspace_id, test_thread.content_id ), params=params, status=200 ) comment = res.json_body assert comment['content_id'] assert comment['parent_id'] == test_thread.content_id assert comment['raw_content'] == 'I strongly disagree, Tiramisu win!' assert comment['author'] assert comment['author']['user_id'] == admin.user_id # TODO - G.M - 2018-06-172 - [avatar] setup avatar url assert comment['author']['avatar_url'] is None assert comment['author']['public_name'] == admin.display_name # TODO - G.M - 2018-06-179 - better check for datetime assert comment['created']